15d2ade33532e6a9907081c5011f2f9e258177f8bbf14ea0608b18c98433814c

Analysis

max time kernel
139s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11/05/2024, 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

325e6c358945b734a6240fd2fbcb8f7b_JaffaCakes118.apk
Size

17.4MB
MD5

325e6c358945b734a6240fd2fbcb8f7b
SHA1

a2e5e9232d2be62452fca364dd20389d1a384dae
SHA256

15d2ade33532e6a9907081c5011f2f9e258177f8bbf14ea0608b18c98433814c
SHA512

98aa0d1c200d3e3ac3218b585165a04845ea91d609c096b8d4246585bc722d3562414ffa605846734bf12bf3e7d089a00aac8afb25ee40e12903749db402f613
SSDEEP

393216:OIUgbZWJq2qJWpvwWbUcVjFRXx1diKlFtKMV1ttSKsEPS:OtgbZWIFW4Qj1v1lFQMtt7sEK

Score

7^/10

discovery evasion

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/test.jar	4388	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/test.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/oat/x86/test.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/test.jar	4295	com.gzmq.qzdsm

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.gzmq.qzdsm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.gzmq.qzdsm
1⤵
- Loads dropped Dex/Jar
- Queries information about running processes on the device
PID:4295
- getprop ro.product.cpu.abi
  2⤵
  PID:4323
- chmod 700 /data/user/0/com.gzmq.qzdsm/files/txRes_1.4
  2⤵
  PID:4342
- chmod 700 /data/user/0/com.gzmq.qzdsm/files/txRes_1.4_Exec
  2⤵
  PID:4354
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/test.jar --output-vdex-fd=48 --oat-fd=49 --oat-location=/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/oat/x86/test.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4388

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/cmcc_march

Filesize
185KB

MD5
fb73af5cd083c8dae4fd93f428c00a34

SHA1
df2f01a250cfc28492ea7191e5ea31a88718285a

SHA256
2d49f93ef79ab5cfa575057593952a934e44ce78bfc4abfd4b1e98134907323f

SHA512
26056596471e338d8617d0563bd9993e29e90d6bfea1777b00133cc644a5dc6ae2b25189d3a9a4e42c8e832d8a6c0c096a5dcaf0b1492778bcb77170cdfd51ca

Download Submit
/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/htc-4295.so

Filesize
33KB

MD5
e3bb5022ea113736f7e0ae87a6be4600

SHA1
ce57912e50ab032f7fea0a2431d2493125832982

SHA256
564d1beb2432982b256951fc956658ae115d72a9f95ccf8756a4704faac5071d

SHA512
8a371c9114b50d7d8c2064bacfe004c6ae9e2431dc7ccb019461794511b4650ff62803c9a073f76e4d70b4fcb895eaaf1d6d0e388c88f420c2494d38aeb4ae83

Download Submit
/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/test.jar

Filesize
185KB

MD5
ddcf5145a999eaa0e64bfc46ecb0e225

SHA1
37d244823b7ee44ff80b42a236ae15bfb2450dec

SHA256
afebfed166bbc947ec561933e229b1b96a809f1716cdb54a5aaaeb8b84dcdc0d

SHA512
fa51a344ec1cce692239f0644445c5b60f36b202ec7cf98aacab172984fb3d05258e52a3abc029d8120341fbf529b00453e912de85093110c5bfcdbfdbf91234

Download Submit
/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/test.jar

Filesize
418KB

MD5
406c9f1b4fde42141d278a2eab115e8d

SHA1
82a6130be8f78819fd3bd325a11946565a48ad2e

SHA256
e9b772a8fcd670c2c34da23ed340937468caac0672ea7c4a72007d2b3a5e1966

SHA512
7c0e32de0d5fb4342f9575c33091d541237e61e56968ca52d41f5d453d233f30c5ab136a8b241ee5a23bbe04dac98be0ffbe73cd9f8314362b652c4bcdb2f0e6

Download Submit
/data/data/com.gzmq.qzdsm/com.gzmq.qzdsm/test.jar

Filesize
418KB

MD5
a7340a9866a44f45c458885d1c95cadd

SHA1
8e4f3ab90292cb1497cb403796098b52a083403a

SHA256
ca6b7f835e4709bcacb17c9d81b772b4870fec18e3bdba83f618c8b985531d05

SHA512
428e8bb27fd226ab1e478d9236dc0e6bce88b5a261085a90e1f4f7b9fd5f0deaed304263cc1844ba5eee7bd28056bd534e45cb91527e7b7a6c1ccd05a118611d

Download Submit
/data/data/com.gzmq.qzdsm/files/txRes_1.4

Filesize
206KB

MD5
79922b13de8aec7af235bd83a95416d0

SHA1
6833dddc87b2bcff686a88c5a86b036f34e5a305

SHA256
3cbba048529b856ebc8901ed8f419eeacc8438eea8934b537fe7263d878cb49b

SHA512
5535ad0704add0a4c37a2bdb2c216cb979380fc5897413dcf1f1b248ef01860fa7707e3cc8a368e5028ef332d722f1c3140039b5f0b299c92f0bc3b727e1a701

Download Submit
/data/data/com.gzmq.qzdsm/files/txRes_1.4_Exec

Filesize
9KB

MD5
374429aa9a5b24cda34cf6eeeb0d008a

SHA1
1fdd3c098bf876644470f6b54d47979234681d88

SHA256
ca906cf8883bbdabca09ef349460cae4ac0ad2f7e711f663b59198c179418e07

SHA512
615c13ce14a149d2793d2f4a5c6b768a7bbded1b8042455e17f9ee68503115862dc1fec4658bdd99ba065d4cda05ab0ca9171e90839c4cdb854247ea9033a216

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
221B

MD5
bcaf595ba357b312da85bb0e56b6e05e

SHA1
0e38152daba0aa0610ed7d64e1190c2348c93c82

SHA256
33e5a783b27c006f5f81b27f7538fe3b14520bce6d6a319498bf3cb925b99d17

SHA512
93034c2015b9cf3227f5e759e1e0984902d6860ddf5d2b7254e2c5eb806a041f7df14d7c94b492cf3a65ae03641416d7080527544db99b28ad3f155a2f000290

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
113B

MD5
d653c7f71c9754b406ed698c7486d73b

SHA1
2ffe2e7b6b6d9637e9bb3e2af0fa8034ac757cef

SHA256
af44c1316af28024d72d1d6094c90bb9cf9bc8d5ac3cafd0fd0d2002126ff4d2

SHA512
5511d8b4a5fa4d34970dbc8d74544452d099c5060a1054c381252649c90668c89972f44aed0e96ed09b95039305f0f73c70697525892ea12bce44ca3f6817a98

Download Submit
/storage/emulated/0/InAppBillingLibrary/log

Filesize
138B

MD5
667dd08f23ab4089f44da691185479c0

SHA1
779fd6101bf6da575c4e3d1ce49e495bae4f872b

SHA256
5e440c1ec6803599d6b7d4054dd0b92272f342e6aa3d75912b1154431a740099

SHA512
f0d27d00db8273c06547c19cfb0f02db61cc4ed6f21c3ed809f391635fdc00d0078301a6656b8ae29e7dd77421575fca9c2484853204b7381796cba4b737d70b

Download Submit